| -rw-r--r-- | docs/configuration/loadbalancing/reverse-proxy.rst | 17 | 
1 files changed, 10 insertions, 7 deletions
| diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 8c22923d..970e084e 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -144,7 +144,8 @@ Backend    Send a Proxy Protocol version 2 header (binary format) -.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl ca-certificate <ca-certificate> +.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl +   ca-certificate <ca-certificate>    Configure requests to the backend server to use SSL encryption and    authenticate backend against <ca-certificate> @@ -246,6 +247,7 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm.      set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12'      set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' +  Balancing based on domain name  ------------------------------  The following configuration demonstrates how to use VyOS 
@@ -329,18 +331,19 @@ connection limit of 4000 and a minimum TLS version of 1.3.  SSL Bridging  ------------- -The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends -to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to +The following configuration terminates incoming HTTPS traffic on the router, +then re-encrypts the traffic and sends to the backend server via HTTPS. +This is useful if encryption is required for both legs, but you do not want to  install publicly trusted certificates on each backend server. -Backend service certificates are checked against the certificate authority specified in the configuration, which -could be an internal CA. +Backend service certificates are checked against the certificate authority +specified in the configuration, which could be an internal CA.  The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to  handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. -The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend -server has a valid certificate trusted by CA ``cacert`` +The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS +and checks backend server has a valid certificate trusted by CA ``cacert``  .. code-block:: none | 
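Review bot: in the first hunk (-144,7), the wrapped `cfgcmd` argument `ca-certificate <ca-certificate>` is continued with a three-space indent, the same indent the description body ("Configure requests to the backend server ...") uses. Only a blank line after the continuation keeps the two apart, so please confirm that blank line is present. Also build the page and check that the directive still renders and indexes the command as the single line `set load-balancing reverse-proxy backend <name> ssl ca-certificate <ca-certificate>`, since readers copy these commands verbatim.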
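Review bot: in the SSL Bridging hunk (-329,18), the reflow carries the existing wording problems over unchanged, and since every one of these lines is being rewritten anyway they could be fixed in the same commit. "then re-encrypts the traffic and sends to the backend server" has no object (suggest "sends it to the backend server"). "connects to sr01 server" should be checked against the server name used in the configuration block that follows, given that the earlier example in this file names its servers srv01 and srv02. The final sentence, "checks backend server has a valid certificate trusted by CA ``cacert``", lacks an article and a closing period before `.. code-block:: none`.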
